Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250502-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/05/2025, 07:23

General

  • Target

    264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe

  • Size

    24KB

  • MD5

    33939f65e5b1a5011e3d255518e5864b

  • SHA1

    ab0505793b113b986b6a28ce940e5fbca1e86796

  • SHA256

    264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a

  • SHA512

    d788fc05c7e7fa5374029f22ba5f94d84a48129e04db06dd2b81952fd63b53f4c655b31beb65fa1435666d187e88f71d4675acd747c44a1200e528ea1f6514bb

  • SSDEEP

    768:s7BlpppARFbhdLz8ae+rOn8ae+rOb84yT:s7ZppApdIIy

Score
9/10

Malware Config

Signatures

  • Renames multiple (5252) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and writing each one back under its original name plus a new extension.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

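The first signature is a count-based heuristic: the sample's rename events take the form old_name to old_name.<ext>, and the dropped-file list further down shows exactly that shape (desktop.ini.tmp, 2010_x86.log.html.tmp). The Python below is an added example of how such a detection can be implemented over file-rename telemetry; it is not the sandbox's own signature code. The pid|src|dst record format, the sample events, the paths and the threshold are all constructed for the illustration (the report's count was 5252; the default threshold of 50 is an assumed tuning value, and the run below lowers it to fit the sample).

```python
# Added example: detection heuristic for "renames multiple files with added
# filename extension". Not the sandbox's signature code; the record format,
# sample events, paths and thresholds are constructed for this illustration.
import ntpath
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, NamedTuple, Optional, Tuple


class RenameEvent(NamedTuple):
    pid: int
    src: str
    dst: str


def parse_event(line: str) -> RenameEvent:
    """Parse one 'pid|old_path|new_path' record (constructed format; real
    telemetry would come from Sysmon, ETW file I/O or a minifilter)."""
    pid, src, dst = line.rstrip("\n").split("|", 2)
    return RenameEvent(int(pid), src, dst)


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the appended extension (without the leading dot) when dst is
    exactly src plus '.<ext>' in the same directory, otherwise None.

    Renames that replace the extension (a.txt -> a.bak), strip one
    (a.exe.crdownload -> a.exe) or move the file elsewhere are not counted,
    which keeps ordinary editor and browser behaviour out of the score.
    ntpath is used so Windows paths parse correctly on any host."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    if not dst_name.startswith(src_name + "."):
        return None
    ext = dst_name[len(src_name) + 1:]
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext.lower()


def score_processes(events: Iterable[RenameEvent]) -> Dict[int, Counter]:
    """Per PID, count added-extension renames keyed by the appended extension."""
    per_pid: Dict[int, Counter] = defaultdict(Counter)
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is not None:
            per_pid[ev.pid][ext] += 1
    return dict(per_pid)


def flag_mass_rename(events: Iterable[RenameEvent],
                     threshold: int = 50) -> List[Tuple[int, int, str]]:
    """Return (pid, rename_count, dominant_extension) for each process whose
    added-extension renames reach the threshold (assumed tuning value)."""
    hits = []
    for pid, exts in score_processes(events).items():
        total = sum(exts.values())
        if total >= threshold:
            ext, _ = exts.most_common(1)[0]
            hits.append((pid, total, ext))
    return sorted(hits)


# Constructed sample events. PID 3464 (the sample's PID in this report) appends
# '.tmp' to six files; PID 1234 performs ordinary renames that must not count,
# plus one legitimate log rotation that adds an extension but stays below
# threshold. All paths are hypothetical.
VICTIM_FILES = ["budget.xlsx", "notes.txt", "photo.jpg", "thesis.docx",
                "desktop.ini", "2010_x86.log.html"]
SAMPLE_LINES = [
    f"3464|C:\\Users\\Admin\\Documents\\{name}|C:\\Users\\Admin\\Documents\\{name}.tmp"
    for name in VICTIM_FILES
] + [
    "1234|C:\\Users\\Admin\\Documents\\~WRD0001.tmp|C:\\Users\\Admin\\Documents\\thesis.docx",
    "1234|C:\\Users\\Admin\\Downloads\\setup.exe.crdownload|C:\\Users\\Admin\\Downloads\\setup.exe",
    "1234|C:\\Users\\Admin\\Documents\\notes.txt|C:\\Users\\Admin\\Documents\\notes.bak",
    "1234|C:\\ProgramData\\app\\app.log|C:\\ProgramData\\app\\app.log.1",
    "1234|C:\\Users\\Admin\\Documents\\a.docx|C:\\Users\\Admin\\Desktop\\a.docx.tmp",
]


if __name__ == "__main__":
    events = [parse_event(line) for line in SAMPLE_LINES]
    for pid, count, ext in flag_mass_rename(events, threshold=5):
        print(f"PID {pid}: {count} files renamed with added extension .{ext}")
```

In production the per-process count should be taken over a short time window rather than the whole process lifetime, and the dominant extension is worth surfacing in the alert: a single extension applied to thousands of files in minutes is the ransomware shape, whereas a backup or log-rotation tool produces a trickle of the same pattern over hours.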
Processes

  • C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe"
    PID: 3464
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

        MITRE ATT&CK Enterprise v16

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp

          Filesize

          24KB

          MD5

          f7731450c657cafbe470f1e9b0a5b657

          SHA1

          6162d868d4b76508fae33806612a73341c136a6f

          SHA256

          b549d5af5fdd56600a2ab16adc00666b04b15213627e26d36550509efed1f655

          SHA512

          1204c1862bfa788bf2f1531aaf7f7ab515791aeb8ccd0fb40cdeeaed4558af027cc680540452d99e7cf51e3c8d9fc063446f3be0d807deec4697c5f31f2ad896

        • C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp

          Filesize

          105KB

          MD5

          5a331dbdad92e0d8f6098a229c01148e

          SHA1

          619d288c0e9ceac8a6fb09dbcb64cc311ec5cb86

          SHA256

          60ec1a53fd73b70473f247cc96774ce1a038d6d39442542dfd53747e72d99206

          SHA512

          1393a2331a89c6842219a332eaf753f7a888ea2f0ae3271f0a75024c4c4816c42f066b2c5e0c08cd7fe25912f056c4e7cd1c5d79686ceebe29afe1fa2c57ca2b